simple kde exploit fix

From: David Zhao (dzhaoat_private)
Date: Sun May 17 1998 - 12:52:10 PDT


    in kdebase/kscreensaver/kscreensave.cpp:
    
    change:
    line 18:        strcpy( buffer, getenv("HOME") );
                    to
                    strncpy( buffer, getenv("HOME"), 256);
    
    and
    line 34:        strcpy( buffer, KApplication::kde_bindir() );
                    to
                    strncpy( buffer, KApplication::kde_bindir(), 256 );
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
            This one probably isn't crucial, but it's good programming anyway
    
    This fixes the exploit given; it is a classic stack overflow exploit. The
    thing is, KDE uses the getenv function multiple times to get the home
    directory (in other KDE suites and programs as well) instead of getting it
    from the passwd file, which is strange. Most are not vulnerable because they
    aren't suid, but it still seems to be bad programming, since you can change
    the environment from the shell. The only suid programs are klock, kppp, and
    the *.kss files. I haven't checked the kss programs for bugs yet, but this
    will fix klock.
    
    ==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==
    | David Zhao       UNIX Systems Administrator          |  Live Free or DIE  |
    | Kellogg School of Management                         |   | | |\  | | \ /  |
    | ICQ Internet ID: 7892139                             |   | | | \ | |  X   |
    | Work Ph: (847) 467-3015  Pager: (847) 205-8674       |   |_| |  \| | / \  |
    |
    | "Sometimes I think I'm stupid, other times I just am"|
    |                                               -- Dennis Kiilerich
    =============================================================================
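    The bounded copy the post recommends, worked through as an added example that is not part of the original mail or of KDE's code. It assumes a 256-byte buffer (the post's figure) and shows two things the patch above leaves open: getenv() can return NULL, and strncpy() does not write a terminator when the value fills the buffer exactly, so a length check plus explicit termination is the safer replacement for strcpy().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PATH_BUF 256 /* assumed buffer size; the post uses 256 */

/* Result codes for safe_copy_env(). */
enum { COPY_OK = 0, COPY_UNSET = -1, COPY_TOO_LONG = -2 };

/* Copy src (e.g. getenv("HOME")) into dst of dstsz bytes. Unlike strcpy() it
 * never writes past dst; unlike strncpy() it always NUL-terminates and
 * reports an over-long value rather than silently truncating it. */
static int safe_copy_env(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0) return COPY_TOO_LONG;
    dst[0] = '\0';
    if (src == NULL) return COPY_UNSET;     /* getenv() returns NULL if unset */
    size_t len = strlen(src);
    if (len >= dstsz) return COPY_TOO_LONG; /* no room for the terminator */
    memcpy(dst, src, len + 1);              /* copies the NUL as well */
    return COPY_OK;
}

/* The kscreensave.cpp pattern, written against safe_copy_env(). */
static int get_home_dir(char *dst, size_t dstsz)
{
    return safe_copy_env(dst, dstsz, getenv("HOME"));
}

/* The strncpy() caveat: returns 1 if strncpy(dst, src, dstsz) left a NUL
 * inside dst, 0 if src filled dst completely and no terminator was written. */
static int strncpy_left_terminator(const char *src, size_t dstsz)
{
    char tmp[PATH_BUF + 1];
    if (dstsz > PATH_BUF) return -1;
    memset(tmp, 'X', sizeof tmp);
    strncpy(tmp, src, dstsz);
    return memchr(tmp, '\0', dstsz) != NULL;
}

int main(void)
{
    char buffer[PATH_BUF], overlong[600];            /* constructed input */
    memset(overlong, 'A', sizeof overlong - 1);
    overlong[sizeof overlong - 1] = '\0';
    printf("over-long: %d\n", safe_copy_env(buffer, sizeof buffer, overlong));
    printf("unset:     %d\n", safe_copy_env(buffer, sizeof buffer, NULL));
    printf("HOME:      %d %s\n", get_home_dir(buffer, sizeof buffer), buffer);
    return 0;
}
```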
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:54 PDT